Professional Documents
Culture Documents
SEED Labs – Firewall Exploration Lab Report
SEED Labs – Firewall Exploration Lab Report
In this lab, I explored how firewalls work and learned how to set up a simple firewall for a
network using both a custom stateless packet-filtering firewall and iptables in Linux. I used a
provided SEED Ubuntu 20.04 VM and Docker containers to simulate a network environment for
this lab.
First, I set up the lab environment using Docker containers. The network topology included
multiple machines as depicted in Figure 1 of the lab manual. Here are the steps I followed:
dockps
ask 1: Implementing a Simple Firewall
I started by compiling and running a simple Loadable Kernel Module (LKM). The module prints
"Hello World!" when loaded and "Bye-bye World!" when removed.
#include <linux/module.h>
#include <linux/kernel.h>
int initialization(void) {
printk(KERN_INFO "Hello World!\n");
return 0;
}
void cleanup(void) {
printk(KERN_INFO "Bye-bye World!.\n");
}
module_init(initialization);
module_exit(cleanup);
Created Makefile:
makefile
obj-m += hello.o
all:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
clean:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
Compiled the kernel module:
Make
Loaded and removed the module:
sudo insmod hello.ko
lsmod | grep hello
sudo rmmod hello
dmesg
sudo dmesg # For Ubuntu 22.04
The output from dmesg confirmed that the module was loaded and unloaded successfully.
Task 1.B: Implement a Simple Firewall Using Netfilter
I set rules to prevent outside access to the router except for ping.
ping 10.9.0.1
telnet 10.9.0.1
Cleaned up the iptables rules:
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P INPUT ACCEPT
1.
2. Verified by pinging from external and internal hosts.
Task 2.C: Protecting Internal Servers
Added rules to allow telnet access to a specific internal host and block others:
conntrack -L
Conducted experiments with ICMP, UDP, and TCP:
# ICMP
ping 192.168.60.5
# UDP
nc -lu 9090
nc -u 192.168.60.5 9090
# TCP
nc -l 9090
nc 192.168.60.5 9090
Through this lab, I gained practical experience in setting up and managing firewalls using both
custom LKMs and iptables. I explored various aspects of firewall functionality, including
stateless and stateful filtering, rate limiting, and load balancing. The detailed steps and
observations documented in this report demonstrate the successful implementation and
understanding of firewall mechanisms in a networked environment.